Security Issues with The Specker Challenge Game The Scientific Community Game in short: SCG ====================================== Acceptance of false data is a big issue for SCG, but one which can be solved through careful organization. The communication language is defined by two grammars: PlayerTrans (agent -> admin) and PlayerContext (admin -> agent). The grammars define the syntax rules but we also need semantic rules to check the legality of the data. Semantic checks for PlayerTrans: The price of a challenge is in [0..1]. A problem instance must be legal: set of declared variables must be a super set of the set of used variables. a clause must contain 3 distict variables. the weight of a clause is a positive integer > 0. the problem type must be a set of distinct integers. the relation number must be between 0 and 255. A solution of a solved challenge must be a solution to the instance that was provided. A solution to a CSP problem must assign enough variables so that each clause is either satisfied or unsatisfied. A provided problem must satisfy the predicate of the challenge. The challengee must be a player in the game. Semantic checks for PlayerContext: This comes from the admin and is assumed to be legal. -------------------------- SCG Rules: They are in the requirements document section 5.3. We have a set of rules that must be followed by all agents to keep them well-behaved virtual scientists: This replaces rule 2 in 5.3: Ensuring activity but avoiding hyperactivity NumProposals = numOffers + numReoffers; NumOppositions = numAccepts + numReoffers; config.getMinProposals() <= NumProposals <= config.getMaxProposals(); config.getMinOppositions() <= NumOppositions This can be summarized as: They must propose and oppose. A reoffer counts as both. All the other rules in 5.3 apply. The SCG Security Policy ======================================================= ======================================================= All agents are responsible for only delivering PlayerTrans sentences that are legal. The administrator is defined by the code in the isLegal(PlayerTrans trans). http://www.ccs.neu.edu/home/lieber/courses/cs4500/f09/files/source/SCGLibs/scg/scg-game.beh If the administrator does not break the game, she is by definition correct. If isLegal needs to check more rules you send to the class a message containing a PlayerTrans and PlayerContext and you motivate the additional check that needs to be done. This counts as significant class participation. On Tuesday nights, to debug the administrator attacks on the integrity of the game are allowed. Trying to violate rules is encouraged. The teams are encouraged to detect integrity violations. If a team found a vulnerability they need to report it to the class soon after the competition. The administrator will be improved based on this input. This counts as significant class participation. For Admin irregularity notifications to count as participation points, we require the team to produce a PlayerContext/PlayerTrans pair that is "legal" but should not be so. The agents' developers are responsible for running their agent on a secure computer preventing many disclosure and usurpation threads. The information sent between administrator and agents should be encrypted. This is currently missing but might be added later.